RBIT777 (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
March 13, 2022, 12:01:55 PM |
|
HELLO im looking at my hardrive with winhex to find my keys and i cant find nothing everything looks jebrish , any idea ?
|
|
|
|
|
|
|
|
Even in the event that an attacker gains more than 50% of the network's
computational power, only transactions sent by the attacker could be
reversed or double-spent. The network would not be destroyed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2394
Merit: 5568
Self-proclaimed Genius
|
If you have been using the hard drive, that's normal. Chances that you'll recover the wallet.dat in that case is very slim.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
RBIT777 (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
March 13, 2022, 12:08:27 PM |
|
didnt use it that much
|
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1367
|
|
March 14, 2022, 09:40:57 AM |
|
Do you know what you are looking for? You should look for hex values "0420" and "308201130201010420". I would recommend to use one of existing tools, like https://github.com/pierce403/keyhunterAnd the most likely you will not be able to extract your private key if wallet was encrypted with password.
|
|
|
|
|
RBIT777 (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
March 16, 2022, 07:55:18 AM |
|
I REMEMBER THAT I DIDNT KNOW how to put a password , so no password when i look with hex i find wallet.dat but no address and nothing looks like a wallet
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3234
Merit: 2955
Block halving is coming.
|
|
March 16, 2022, 11:53:55 PM |
|
I REMEMBER THAT I DIDNT KNOW how to put a password , so no password when i look with hex i find wallet.dat but no address and nothing looks like a wallet
Since you said above that you can see any hex code that looks like a wallet then maybe your wallet.dat is encrypted with a password. Why not try to extract the wallet.dat file from your hex tool and then try to install Bitcoin and import the wallet let it sync it for a while or use the pywallet from jackjackjj as suggested above and then use the dump command to export the private keys. Make sure you have python installed. Here's the command: python pywallet.py --dumpwallet --datadir=. > wallet.txt
|
|
|
|
litecoin_messiah
|
|
March 17, 2022, 03:15:49 AM |
|
Pywallet requires ton of plugins, you dont want to be connecting to the internet while sandboxed just to get that script working properly, (just a millisecond can leak keys) to some hacker i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something. go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something) #!/usr/bin/env python """ searchbin.py -t PATTERN [FILE [FILE...]] searchbin.py -p PATTERN [FILE [FILE...]] searchbin.py -f FILE [FILE [FILE...]]
examples: ./searchbin.py -t "hello" myfile.exe Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems +Minimum Py2.7 required for argparse library +keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero license: http://www.opensource.org/licenses/BSD-2-Clause """
from __future__ import unicode_literals import re import signal import sys
# Global variables. CONTACT=("sepero 111 @ gmx . com\n" "https://bitbucket.org/Sepero/searchbin/issues/new\n" "http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00" DEBUG = False STDOUT = sys.stdout
try: # Python 3 modifications. STDIN = sys.stdin.buffer except: # Python 2 modifications. STDIN = sys.stdin range = xrange
def _exit_error(code, option="", err=None): """ Error information is kept here for the purposes of easier management and possibly language tranlation. Returns nothing. All calls exit the program, error status 128. """ error_codes = { "Xpatterns": "Cannot search for multiple patterns. '-t -p -f'", "0patterns": "No pattern to search for was supplied. '-t -p -f'", "decode": "The pattern string is invalid.\n" + str(option), "bsize": "The buffer size must be at least %s bytes." % str(option), "sizes": "Size parameters (-b -s -e -m) must be in decimal format.", "fpattern": "No pattern file found named: %s" % option, "startend": "The start of search must come before the end.", "openfile": "Failed opening file: %s" % option, "logwrite": "Could not write to the log file: %s" % option, "read": "Failed reading from file: %s" % option, } import traceback sys.stderr.write(traceback.format_exc() + "\n") if not DEBUG: sys.stderr.write("version: %s\n" % VERSION) sys.stderr.write("Please Report issues to: %s\n" % CONTACT) if err: sys.stderr.write("%s\n" % str(err)) sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code])) if __name__ == "__main__": sys.exit(128) # Exit under normal operation. raise # Raise error on unittest or other execution.
def get_args(): """ Parse all arguments from the command line using ArgumentParser. Returns an args object with attributes representing all arguments. """ from argparse import ArgumentParser description = CONTACT + """ An argument -t or -p or -f is required. The -p argument accepts a hexidecimal pattern string and allows for missing characters, such as 'FF??FF'. When using -f argument, the pattern file will be read as a binary file (not hex strings). If no search files are specified, %prog will read from standard input. The minimum memory required is about 3 times the size of the pattern byte length. Increasing buffer-size will increase program search speed for large search files. All size arguments (-b -s -e) are read in decimal format, for example: '-s 1024' will start searching after 1kilobyte. format, for example: '-s 1024' will start searching after 1kilobyte. Reported finds are 0-based offset. """ p = ArgumentParser(description=description) def add(s, **kwargs): args = s.split(':') value = args.pop(2) # Pop item at index 2 (argument type). if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value). value = args.pop(2) # Pop item at index 2 (argument metavar). if value: kwargs['metavar'] = value value = args.pop(2) # Pop item at index 2 (argument name/destination). if value: kwargs['dest'] = value p.add_argument(*args, **kwargs) p.add_argument('-f', '--file', type=str, metavar='FILE', dest='fpattern', help='file to read search pattern from') p.add_argument('-t', '--text', type=str, metavar='PATTERN', dest='tpattern', help='a (utf-8 case-sensitive) text string to search for') p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output. metavar='PATTERN', dest='ppattern', help='a hexidecimal pattern to search for') try: # Python 3. p.add_argument('-b', '--buffer-size', type=int, metavar='NUM', dest='bsize', help='read buffer size (in bytes). 8MB default') p.add_argument('-s', '--start', type=int, metavar='NUM', dest='start', help='starting position in file to begin searching, as bytes') p.add_argument('-e', '--end', type=int, metavar='NUM', dest='end', help='end search at this position, measuring from beginning of file') p.add_argument('-m', '--max-matches', type=int, metavar='NUM', dest='max_matches', help='maximum number of matches to find (0=infinite)') except: # Python 2. p.add_argument('-b', '--buffer-size', type=long, metavar='NUM', dest='bsize', help='read buffer size (in bytes). default is 8388608 (8MB)') p.add_argument('-s', '--start', type=long, metavar='NUM', dest='start', help='starting position in file to begin searching, as bytes') p.add_argument('-e', '--end', type=long, metavar='NUM', dest='end', help='end search at this position, measuring from beginning of file') p.add_argument('-m', '--max-matches', type=long, metavar='NUM', dest='max_matches', help='maximum number of matches to find (0=infinite)') p.add_argument('-l', '--log', type=str, metavar='FILE', dest='log', help='write matched offsets to FILE, instead of standard output') p.add_argument(type=str, metavar='FILE', dest='fsearch', nargs='*', help='files to search within') p.add_argument('-v', '--verbose', dest='verbose', action='store_true', help='verbose, output the number of bytes searched after each buffer read') p.add_argument('-V', '--version', action='version', version='%(prog)s ' + VERSION) p.add_argument('-d', '--debug', dest='debug', action='store_true', help='debugging (don\'t use this)') return p.parse_args()
""" =Patterns= A pattern is a list. It represents the division between known and unknown bytes to search for. All hex/text/file input is converted to a pattern. Examples of conversions: hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters. text "A?C" becomes ['A', 'C'] text "A??C" becomes ['A', '', 'C'] """ def hex_to_pattern(hex): """ Converts a hex string into a pattern. """ ret = [] pattern = hex if hex[:2] == "0x": # Remove "0x" from start if it exists. pattern = hex[2:] try: ret = [ p for p in pattern.split("??") ] try: # Python 3. return [ bytes.fromhex(p) for p in ret ] except AttributeError: # Python 2. return [ p.decode("hex") for p in ret ] except(TypeError, ValueError): e = sys.exc_info()[1] _exit_error("decode", hex, e)
def text_to_pattern(text): """ Converts a text string into a pattern. """ try: # Python 3. return [ t.encode('utf-8') for t in text.split("?") ] except TypeError: # Python 2. return [ t for t in text.split("?") ]
def file_to_pattern(fname): """ Converts a file into a pattern. """ try: # If file specified, read it into memory. with open(fname, "rb") as f: return [f.read()] except IOError: e = sys.exc_info()[1] _exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes! def verify_args(ar): """ Verify that all the parsed args are correct and work well together. Returns the modified args object. """ DEBUG = ar.debug # Make sure that exactly 1 pattern argument was given. all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern])) if len(all_patterns) > 1: _exit_error("Xpatterns") if len(all_patterns) == 0: _exit_error("0patterns") # Create a new variable ar.pattern, and fill it with # whichever pattern we have -t -f -p. ar.pattern will be a list. if ar.fpattern: ar.pattern = file_to_pattern(ar.fpattern) elif ar.tpattern: ar.pattern = text_to_pattern(ar.tpattern) else: ar.pattern = hex_to_pattern(ar.ppattern) # Convert all number args from strings into long integers. try: for attr in [ "bsize", "max_matches", "start", "end" ]: if getattr(ar, attr): setattr(ar, attr, long(getattr(ar, attr))) except ValueError: e = sys.exc_info()[1] _exit_error("sizes", err=e) # Buffer size must be at least double maximum pattern size. if ar.bsize: if ar.bsize < len("?".join(ar.pattern)) * 2: _exit_error("bsize", len("?".join(ar.pattern)) * 2) else: ar.bsize = len(b"".join(ar.pattern)) * 2 ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default. # Set start and end values to 0 if not set. ar.start = ar.start or 0 ar.end = ar.end or 0 # End must be after start. :) if ar.end and ar.start >= ar.end: _exit_error("startend") # If log file is True, open it and replace ar.log with the file handler. if ar.log: try: ar.log = open(ar.log, "w") except IOError: e = sys.exc_info()[1] _exit_error("openfile", ar.log, e) return ar
def search(ar, fh): """ This function is simply a wrapper to forward needed variables in a way to make them all local variables. Accessing local variables is faster than accessing object.attribute variables. Returns nothing. """ if not DEBUG: _search_loop(ar.start, ar.end, ar.bsize, ar.pattern, ar.max_matches, ar.log, ar.verbose, fh.name, fh.read, fh.seek) else: _debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read): """ Slower, less functional, but less error prone simple search. For debugging purposes. Returns nothing. """ len_pattern = len(b"?".join(pattern)) read_size = 2**24 - len_pattern # Amount to read each loop. pattern = [ re.escape(p) for p in pattern ] pattern = b".".join(pattern) regex = re.compile(pattern, re.DOTALL+re.MULTILINE) try: buffer = fh_read(len_pattern + read_size) offset = 0 match = regex.search(buffer) while True: if not match: offset += read_size buffer = buffer[read_size:] # Erase front portion of buffer. buffer += fh_read(read_size) match = regex.search(buffer) else: STDOUT.write("Match at offset: %14d %12X in %s\n" % ( offset+match.start(), offset+match.start(), fh_name)) match = regex.search(buffer, match.start()+1) if len(buffer) <= len_pattern: return except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches, log, verbose, fh_name, fh_read, fh_seek): """ Primary search function. Returns nothing. """ len_pattern = len(b"?".join(pattern)) # Byte length of pattern. read_size = bsize - len_pattern # Amount to read each loop. # Convert pattern into a regular expression for insane fast searching. pattern = [ re.escape(p) for p in pattern ] pattern = b".".join(pattern) # Grab regex search function directly to speed up function calls. regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search offset = start or 0 # Set start reading position in file. try: if offset: fh_seek(offset) except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, err=e) try: buffer = fh_read(len_pattern + read_size) # Get initial buffer amount. match = regex_search(buffer) # Search for a match in the buffer. # Set match to -1 if no match, else set it to the match position. match = -1 if match == None else match.start() while True: # Begin main loop for searching through a file. if match == -1: # No match. offset += read_size # If end exists and we are beyond end, finish search. if end and offset > end: return buffer = buffer[read_size:] # Erase front portion of buffer. buffer += fh_read(read_size) # Read more into the buffer. match = regex_search(buffer) # Search for next match in the buffer. # If there is no match set match to -1, else the matching position. match = -1 if match == None else match.start() if verbose: # Print each loop offset if verbose is on. STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset)) else: # Else- there was a match. # If end exists and we are beyond end, finish search. if match == -1 and offset + match > end: return # Print matched offset. find_offset = offset + match STDOUT.write("Match at offset: %14d %12X in %s\n" % ( find_offset, find_offset, fh_name)) if max_matches: max_matches -= 1 if max_matches == 0: # If maximum matches are found, then end. STDOUT.write("Found maximum number of matches.\n") return # Search for next match in the buffer. match = regex_search(buffer, match+1) match = -1 if match == None else match.start() if len(buffer) <= len_pattern: # If finished reading input then end. return # Main loop closes here. except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, e)
def main(): args = get_args() # Get commandline arguments. args = verify_args(args) # Check arguments for sanity, and edit them a bit. if args.fsearch: # If filenames were given on the commandline, process them. while args.fsearch: # List of files to search inside. try: # Open a filehandler for the filename. filehandler = open(args.fsearch[0], "rb") except IOError: e = sys.exc_info()[1] _exit_error("openfile", args.fsearch[0], e) search(args, filehandler) filehandler.close() args.fsearch.pop(0) # Remove each file after search. else: # If no files were given, search using stdin. search(args, STDIN) sys.exit(0)
if __name__ == "__main__": # This allows the program to exit quickly when pressing ctrl+c. signal.signal(signal.SIGINT, signal.SIG_DFL) main() source: https://github.com/Sepero/SearchBin/blob/master/searchbin.pyis useful works out fo the box without dependencies, might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills. searchbin -p 01010420 "path to disk image of .img" file,
searchbin -p 01010420 /dev/whicheverpath its on might work too if you want to go cowboy mode. it probably will miss it, so try if it doesnt work, some keys have this preseeding, i noticed half the old wallets i extracted keys from using raw extraction 10141f found mroe keys, they are just 31 bytes after instead of 32 but they start with 00 i think it will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file. also a bonus, searchbin.py -p 6231050009000000 "path to disk image" will output offsets to wallet files. i mean its not guaranteed to, but it should help you get closer to recovering it. if you get rich please ask me for my wallet address. thanks also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code]
|
|
|
|
Looking4answers
Newbie
Offline
Activity: 1
Merit: 0
|
|
March 27, 2022, 06:28:53 PM |
|
Ok so I am new to this forum so I am not sure if this is the proper place to be but I have a problem I am looking for help with. Back in 2010 someone gave me a gift that was a flash drive which contained some bitcoin in a wallet(?). At the time very few people knew of crypto currency and I thought it was useless. (Ungrateful, I know). Anyways, now I can't get the flash drive to open on my computer., is it possible that its not compatible with my newer computer?Any help would be appreciated.
|
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1367
|
|
March 27, 2022, 06:40:37 PM |
|
What kind of problem do you have? Do you see files and you do not know how to open them? Or Is usb recognized by your computer and opened? If not, which system do you use? Maybe disk was formatted for example for linux and you are using on windows and it is not recognized.
More details please. Later you will have to probably use old Bitcoin Core to extract keys or external program like pywallet. But if you have access to files, first do the backup. Or two.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
March 29, 2022, 06:48:05 AM |
|
Anyways, now I can't get the flash drive to open on my computer., is it possible that its not compatible with my newer computer?
What OS are you running? Windows? If so, does it make the USB connected noise when you plug the flash drive in? Do you get any "error" notifications saying the device has failed to be recognised or initialised? 12 years is quite a long time for flash drives... so, it is possible that the device is actually dead.
|
|
|
|
RBIT777 (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
April 01, 2022, 01:42:53 PM |
|
SO i found 130201010420 couple of times on my hard drive with winhex i hope its a good sign , but dont know what i do from here
i found wallet.dat (only with winhex ) when i try to look 4 it on a regular search i dont find it .
olso found Cipherblockchaining , bitcoin
can someone help me what the next step ?
|
|
|
|
Btcspot
Jr. Member
Offline
Activity: 186
Merit: 1
|
|
April 01, 2022, 06:05:44 PM |
|
Yes i can help. This is good news you might have found your key. After the 0420 digits there will be 64 digits this is usually the key. So count 64 digits after 0420 and write the digits on paper. Then you have the privkey in hex. You will need to convert it to a key that can be imported to wallet which you can get at www.electrum.org You need to convert 64 digit hex into private key wallet import format , then import it Hope it works send me tip thank you.
|
|
|
|
RBIT777 (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
April 02, 2022, 05:25:06 AM |
|
OK , SO IT LOOKS LIKE SOME KIND OF A KEY ... I HAVE LIKE 95 TIMES THIS 130201010420 AFTER THE 0420 I HAVE 64 BITS IN ALL OF THEM THAT START WITH THE SAME FIRST 6 BITS AND THEY ALL FINISH WITH THE SAME 2 BITS AND AFTER EVERY 64 BITS I HAVE 00 00
THET ALL START WITH D0 30
BUT THEY NOT THE SAME , EVERY ONE OF THEM IS A BIT DEFERENT
IS THAT LOOKS RIGHT ?
|
|
|
|
Btcspot
Jr. Member
Offline
Activity: 186
Merit: 1
|
|
April 02, 2022, 07:45:52 AM |
|
Ok this sounds right. Yes it should be different numbers. Did you find out anything.
|
|
|
|
RBIT777 (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
April 02, 2022, 09:33:22 AM |
|
NO IDONT KNOW HOW to convert 64 digit hex into private key wallet import format
|
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1367
|
|
April 02, 2022, 09:37:27 AM |
|
NO IDONT KNOW HOW to convert 64 digit hex into private key wallet import format
https://iancoleman.io/bitcoin-key-compression/Or it’s offline version ti download from github. Link at the bottom of the page
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2394
Merit: 5568
Self-proclaimed Genius
|
Ian Coleman's key compression tool will not accept HEX Private keys, only WIF and BIP38 PrvKeys. NO IDONT KNOW HOW to convert 64 digit hex into private key wallet import format
As an alternative, you can use brainwallet tool, but same as PawGo's suggestion: use it offline. Webpage ( do not use it online): https://brainwalletx.github.io/#generatorDownload ZIP, extract it and transfer the whole folder to your offline PC, run " index.html" using your browser. To use it for converting HEX into WIF prvKey: - In 'Get Address From' line, click "Secret Component" button.
- In 'Secret Exponent' line, paste your 64 digit hex.
- In 'Address QR Code', click "Toggle Key" and the private key WIF will be displayed above the address.
- You can toggle between compressed and uncompressed WIF by clicking the bottons with the same name in "Point Conversion' line.
- Copy both Compressed (starts with 'K' or 'L') and Uncompressed (starts with '5') WIF and import them to your preferred wallet.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1367
|
|
April 02, 2022, 02:37:31 PM |
|
Ian Coleman's key compression tool will not accept HEX Private keys, only WIF and BIP38 PrvKeys. Yes, you are right, my mistake. Lack of coffee - that page accepts public key hex, not private key. There is also: https://learnmeabitcoin.com/technical/wif but I am not sure if it is possible to run it offline.
|
|
|
|
litecoin_messiah
|
|
April 02, 2022, 10:00:58 PM Last edit: April 22, 2022, 10:09:18 PM by litecoin_messiah |
|
SO i found 130201010420 couple of times on my hard drive with winhex i hope its a good sign , but dont know what i do from here i found wallet.dat (only with winhex ) when i try to look 4 it on a regular search i dont find it . from bit import Key from bit.format import bytes_to_wif
import re import requests import json import sys, os.path, json, struct, base64, zlib ## created by litecoin_messiah for bitcointalk. 2022. (consider modifying matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())) to b'\x01\x01\x04\x1f(.{31})' and prepending 00 prog = os.path.basename(sys.argv[0])
if len(sys.argv) != 2 or sys.argv[1].startswith("-"): print("usage:", prog, "wallet.dat", file=sys.stderr) sys.exit(2)
wallet_file = sys.argv[1]
def salvage(priv): key = Key.from_hex(priv) wif = bytes_to_wif(key.to_bytes(), compressed=False) key = Key(wif) return wif
def salvageC(priv): key = Key.from_hex(priv) wif = bytes_to_wif(key.to_bytes(), compressed=True) key = Key(wif) return wif
with open(wallet_file, "rb") as f: matches = re.findall(b'\x01\x01\x04\x20(.{32})', f.read())
def processWIF(wif): key = Key(wif) return(key.address)
def getB(addr): url = ('https://blockbook-bitcoin.binancechain.io/api/address/'+addr+"?details=basic") r = requests.get(url) return(r.text) def processWIFB(wif): try: result = getB(processWIF(wif)) return(result['addrStr'],result['balance'],result['totalSent'],result['txApperances'],result['totalReceived']) except: return("fail") for priv in matches: v1 = json.loads(getB(processWIF(salvage(priv.hex())))) v2 = json.loads(getB(processWIF(salvageC(priv.hex())))) if (v2['txApperances'] != 0): print(v2) if (v1['txApperances'] != 0): print(v1)
|
|
|
|
JohanM
Member
Offline
Activity: 137
Merit: 35
|
|
April 03, 2022, 06:39:04 PM |
|
If you have a 64 character (or 32 bytes) hex private key, convert it as follows to a WIF (which you can import): Go to web site : https://www.btcschools.net/tron/tron_tool_base58check_hex.phpfill in the Hex to Base58check 'Hex String:' box with the following 80 followed by the 64 character hex you found example 0DF741E9FC092A9306881B6B07E93937D17A487062A99C1D2AD21B0C959EBCE4 is the hex string fill in 800DF741E9FC092A9306881B6B07E93937D17A487062A99C1D2AD21B0C959EBCE4 and get: Base58 String: 5HvSKY3noCN82Afh3tuagBS1XZwGzr81px2hLDm7B6Nt7RcVefx This is the private key in WIF format. Import this in any wallet. NEVER type it into a blockchain explorer or anything, that will expose it.
|
|
|
|
Sdlooking92020
Newbie
Offline
Activity: 9
Merit: 1
|
|
October 26, 2023, 03:41:40 AM |
|
Pywallet requires ton of plugins, you dont want to be connecting to the internet while sandboxed just to get that script working properly, (just a millisecond can leak keys) to some hacker i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something. go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something) #!/usr/bin/env python """ searchbin.py -t PATTERN [FILE [FILE...]] searchbin.py -p PATTERN [FILE [FILE...]] searchbin.py -f FILE [FILE [FILE...]]
examples: ./searchbin.py -t "hello" myfile.exe Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems +Minimum Py2.7 required for argparse library +keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero license: http://www.opensource.org/licenses/BSD-2-Clause """
from __future__ import unicode_literals import re import signal import sys
# Global variables. CONTACT=("sepero 111 @ gmx . com\n" "https://bitbucket.org/Sepero/searchbin/issues/new\n" "http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00" DEBUG = False STDOUT = sys.stdout
try: # Python 3 modifications. STDIN = sys.stdin.buffer except: # Python 2 modifications. STDIN = sys.stdin range = xrange
def _exit_error(code, option="", err=None): """ Error information is kept here for the purposes of easier management and possibly language tranlation. Returns nothing. All calls exit the program, error status 128. """ error_codes = { "Xpatterns": "Cannot search for multiple patterns. '-t -p -f'", "0patterns": "No pattern to search for was supplied. '-t -p -f'", "decode": "The pattern string is invalid.\n" + str(option), "bsize": "The buffer size must be at least %s bytes." % str(option), "sizes": "Size parameters (-b -s -e -m) must be in decimal format.", "fpattern": "No pattern file found named: %s" % option, "startend": "The start of search must come before the end.", "openfile": "Failed opening file: %s" % option, "logwrite": "Could not write to the log file: %s" % option, "read": "Failed reading from file: %s" % option, } import traceback sys.stderr.write(traceback.format_exc() + "\n") if not DEBUG: sys.stderr.write("version: %s\n" % VERSION) sys.stderr.write("Please Report issues to: %s\n" % CONTACT) if err: sys.stderr.write("%s\n" % str(err)) sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code])) if __name__ == "__main__": sys.exit(128) # Exit under normal operation. raise # Raise error on unittest or other execution.
def get_args(): """ Parse all arguments from the command line using ArgumentParser. Returns an args object with attributes representing all arguments. """ from argparse import ArgumentParser description = CONTACT + """ An argument -t or -p or -f is required. The -p argument accepts a hexidecimal pattern string and allows for missing characters, such as 'FF??FF'. When using -f argument, the pattern file will be read as a binary file (not hex strings). If no search files are specified, %prog will read from standard input. The minimum memory required is about 3 times the size of the pattern byte length. Increasing buffer-size will increase program search speed for large search files. All size arguments (-b -s -e) are read in decimal format, for example: '-s 1024' will start searching after 1kilobyte. format, for example: '-s 1024' will start searching after 1kilobyte. Reported finds are 0-based offset. """ p = ArgumentParser(description=description) def add(s, **kwargs): args = s.split(':') value = args.pop(2) # Pop item at index 2 (argument type). if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value). value = args.pop(2) # Pop item at index 2 (argument metavar). if value: kwargs['metavar'] = value value = args.pop(2) # Pop item at index 2 (argument name/destination). if value: kwargs['dest'] = value p.add_argument(*args, **kwargs) p.add_argument('-f', '--file', type=str, metavar='FILE', dest='fpattern', help='file to read search pattern from') p.add_argument('-t', '--text', type=str, metavar='PATTERN', dest='tpattern', help='a (utf-8 case-sensitive) text string to search for') p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output. metavar='PATTERN', dest='ppattern', help='a hexidecimal pattern to search for') try: # Python 3. p.add_argument('-b', '--buffer-size', type=int, metavar='NUM', dest='bsize', help='read buffer size (in bytes). 8MB default') p.add_argument('-s', '--start', type=int, metavar='NUM', dest='start', help='starting position in file to begin searching, as bytes') p.add_argument('-e', '--end', type=int, metavar='NUM', dest='end', help='end search at this position, measuring from beginning of file') p.add_argument('-m', '--max-matches', type=int, metavar='NUM', dest='max_matches', help='maximum number of matches to find (0=infinite)') except: # Python 2. p.add_argument('-b', '--buffer-size', type=long, metavar='NUM', dest='bsize', help='read buffer size (in bytes). default is 8388608 (8MB)') p.add_argument('-s', '--start', type=long, metavar='NUM', dest='start', help='starting position in file to begin searching, as bytes') p.add_argument('-e', '--end', type=long, metavar='NUM', dest='end', help='end search at this position, measuring from beginning of file') p.add_argument('-m', '--max-matches', type=long, metavar='NUM', dest='max_matches', help='maximum number of matches to find (0=infinite)') p.add_argument('-l', '--log', type=str, metavar='FILE', dest='log', help='write matched offsets to FILE, instead of standard output') p.add_argument(type=str, metavar='FILE', dest='fsearch', nargs='*', help='files to search within') p.add_argument('-v', '--verbose', dest='verbose', action='store_true', help='verbose, output the number of bytes searched after each buffer read') p.add_argument('-V', '--version', action='version', version='%(prog)s ' + VERSION) p.add_argument('-d', '--debug', dest='debug', action='store_true', help='debugging (don\'t use this)') return p.parse_args()
""" =Patterns= A pattern is a list. It represents the division between known and unknown bytes to search for. All hex/text/file input is converted to a pattern. Examples of conversions: hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters. text "A?C" becomes ['A', 'C'] text "A??C" becomes ['A', '', 'C'] """ def hex_to_pattern(hex): """ Converts a hex string into a pattern. """ ret = [] pattern = hex if hex[:2] == "0x": # Remove "0x" from start if it exists. pattern = hex[2:] try: ret = [ p for p in pattern.split("??") ] try: # Python 3. return [ bytes.fromhex(p) for p in ret ] except AttributeError: # Python 2. return [ p.decode("hex") for p in ret ] except(TypeError, ValueError): e = sys.exc_info()[1] _exit_error("decode", hex, e)
def text_to_pattern(text): """ Converts a text string into a pattern. """ try: # Python 3. return [ t.encode('utf-8') for t in text.split("?") ] except TypeError: # Python 2. return [ t for t in text.split("?") ]
def file_to_pattern(fname): """ Converts a file into a pattern. """ try: # If file specified, read it into memory. with open(fname, "rb") as f: return [f.read()] except IOError: e = sys.exc_info()[1] _exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes! def verify_args(ar): """ Verify that all the parsed args are correct and work well together. Returns the modified args object. """ DEBUG = ar.debug # Make sure that exactly 1 pattern argument was given. all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern])) if len(all_patterns) > 1: _exit_error("Xpatterns") if len(all_patterns) == 0: _exit_error("0patterns") # Create a new variable ar.pattern, and fill it with # whichever pattern we have -t -f -p. ar.pattern will be a list. if ar.fpattern: ar.pattern = file_to_pattern(ar.fpattern) elif ar.tpattern: ar.pattern = text_to_pattern(ar.tpattern) else: ar.pattern = hex_to_pattern(ar.ppattern) # Convert all number args from strings into long integers. try: for attr in [ "bsize", "max_matches", "start", "end" ]: if getattr(ar, attr): setattr(ar, attr, long(getattr(ar, attr))) except ValueError: e = sys.exc_info()[1] _exit_error("sizes", err=e) # Buffer size must be at least double maximum pattern size. if ar.bsize: if ar.bsize < len("?".join(ar.pattern)) * 2: _exit_error("bsize", len("?".join(ar.pattern)) * 2) else: ar.bsize = len(b"".join(ar.pattern)) * 2 ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default. # Set start and end values to 0 if not set. ar.start = ar.start or 0 ar.end = ar.end or 0 # End must be after start. :) if ar.end and ar.start >= ar.end: _exit_error("startend") # If log file is True, open it and replace ar.log with the file handler. if ar.log: try: ar.log = open(ar.log, "w") except IOError: e = sys.exc_info()[1] _exit_error("openfile", ar.log, e) return ar
def search(ar, fh): """ This function is simply a wrapper to forward needed variables in a way to make them all local variables. Accessing local variables is faster than accessing object.attribute variables. Returns nothing. """ if not DEBUG: _search_loop(ar.start, ar.end, ar.bsize, ar.pattern, ar.max_matches, ar.log, ar.verbose, fh.name, fh.read, fh.seek) else: _debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read): """ Slower, less functional, but less error prone simple search. For debugging purposes. Returns nothing. """ len_pattern = len(b"?".join(pattern)) read_size = 2**24 - len_pattern # Amount to read each loop. pattern = [ re.escape(p) for p in pattern ] pattern = b".".join(pattern) regex = re.compile(pattern, re.DOTALL+re.MULTILINE) try: buffer = fh_read(len_pattern + read_size) offset = 0 match = regex.search(buffer) while True: if not match: offset += read_size buffer = buffer[read_size:] # Erase front portion of buffer. buffer += fh_read(read_size) match = regex.search(buffer) else: STDOUT.write("Match at offset: %14d %12X in %s\n" % ( offset+match.start(), offset+match.start(), fh_name)) match = regex.search(buffer, match.start()+1) if len(buffer) <= len_pattern: return except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches, log, verbose, fh_name, fh_read, fh_seek): """ Primary search function. Returns nothing. """ len_pattern = len(b"?".join(pattern)) # Byte length of pattern. read_size = bsize - len_pattern # Amount to read each loop. # Convert pattern into a regular expression for insane fast searching. pattern = [ re.escape(p) for p in pattern ] pattern = b".".join(pattern) # Grab regex search function directly to speed up function calls. regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search offset = start or 0 # Set start reading position in file. try: if offset: fh_seek(offset) except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, err=e) try: buffer = fh_read(len_pattern + read_size) # Get initial buffer amount. match = regex_search(buffer) # Search for a match in the buffer. # Set match to -1 if no match, else set it to the match position. match = -1 if match == None else match.start() while True: # Begin main loop for searching through a file. if match == -1: # No match. offset += read_size # If end exists and we are beyond end, finish search. if end and offset > end: return buffer = buffer[read_size:] # Erase front portion of buffer. buffer += fh_read(read_size) # Read more into the buffer. match = regex_search(buffer) # Search for next match in the buffer. # If there is no match set match to -1, else the matching position. match = -1 if match == None else match.start() if verbose: # Print each loop offset if verbose is on. STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset)) else: # Else- there was a match. # If end exists and we are beyond end, finish search. if match == -1 and offset + match > end: return # Print matched offset. find_offset = offset + match STDOUT.write("Match at offset: %14d %12X in %s\n" % ( find_offset, find_offset, fh_name)) if max_matches: max_matches -= 1 if max_matches == 0: # If maximum matches are found, then end. STDOUT.write("Found maximum number of matches.\n") return # Search for next match in the buffer. match = regex_search(buffer, match+1) match = -1 if match == None else match.start() if len(buffer) <= len_pattern: # If finished reading input then end. return # Main loop closes here. except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, e)
def main(): args = get_args() # Get commandline arguments. args = verify_args(args) # Check arguments for sanity, and edit them a bit. if args.fsearch: # If filenames were given on the commandline, process them. while args.fsearch: # List of files to search inside. try: # Open a filehandler for the filename. filehandler = open(args.fsearch[0], "rb") except IOError: e = sys.exc_info()[1] _exit_error("openfile", args.fsearch[0], e) search(args, filehandler) filehandler.close() args.fsearch.pop(0) # Remove each file after search. else: # If no files were given, search using stdin. search(args, STDIN) sys.exit(0)
if __name__ == "__main__": # This allows the program to exit quickly when pressing ctrl+c. signal.signal(signal.SIGINT, signal.SIG_DFL) main() source: https://github.com/Sepero/SearchBin/blob/master/searchbin.pyis useful works out fo the box without dependencies, might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills. searchbin -p 01010420 "path to disk image of .img" file,
searchbin -p 01010420 /dev/whicheverpath its on might work too if you want to go cowboy mode. it probably will miss it, so try if it doesnt work, some keys have this preseeding, i noticed half the old wallets i extracted keys from using raw extraction 10141f found mroe keys, they are just 31 bytes after instead of 32 but they start with 00 i think it will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file. also a bonus, searchbin.py -p 6231050009000000 "path to disk image" will output offsets to wallet files. i mean its not guaranteed to, but it should help you get closer to recovering it. if you get rich please ask me for my wallet address. thanks also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code] If I find 6231050009000000 and 10141f while looking for a deleted wallet.... how do I get a private key from that? Fell free to message me
|
|
|
|
litecoin_messiah
|
|
February 02, 2024, 06:29:59 PM |
|
Pywallet requires ton of plugins, you dont want to be connecting to the internet while sandboxed just to get that script working properly, (just a millisecond can leak keys) to some hacker i suggest first just searching for the berkeley database file headers, you can then use some software to extract the files. but first make a disk image using a ubuntu live usb or something. go to gnome disks, (if using windows make sure the computer isnt hibernating and shut down correctly or not i dunno maybe that might overwrite some data if you do make 3 disk images i guess, do sudo gnome-disks if your noob and select disk and create an image of it on a m2ssd or something) #!/usr/bin/env python """ searchbin.py -t PATTERN [FILE [FILE...]] searchbin.py -p PATTERN [FILE [FILE...]] searchbin.py -f FILE [FILE [FILE...]]
examples: ./searchbin.py -t "hello" myfile.exe Searches for the text "hello" in myfile.exe.
./searchbin.py -p "CCDDFF" myfile.exe Searches for the hexidecimal pattern "CCDDFF" in myfile.exe.
./searchbin.py -f pattern.bin myfile.exe Reads the file pattern.bin, and searches for a binary match within myfile.exe.
Many more capabilites, just run ./searchbin.py --help
+Features: no compiling, fast, small file, wild card matches, search multiple files of unlimited size, all operating systems +Minimum Py2.7 required for argparse library +keywords binary grep search seek find fast
license: BSD 2-Clause License, 2012, Sepero license: http://www.opensource.org/licenses/BSD-2-Clause """
from __future__ import unicode_literals import re import signal import sys
# Global variables. CONTACT=("sepero 111 @ gmx . com\n" "https://bitbucket.org/Sepero/searchbin/issues/new\n" "http://seperohacker.blogspot.com/2012/04/binary-grep-program-searchbin.html")
VERSION="1.00" DEBUG = False STDOUT = sys.stdout
try: # Python 3 modifications. STDIN = sys.stdin.buffer except: # Python 2 modifications. STDIN = sys.stdin range = xrange
def _exit_error(code, option="", err=None): """ Error information is kept here for the purposes of easier management and possibly language tranlation. Returns nothing. All calls exit the program, error status 128. """ error_codes = { "Xpatterns": "Cannot search for multiple patterns. '-t -p -f'", "0patterns": "No pattern to search for was supplied. '-t -p -f'", "decode": "The pattern string is invalid.\n" + str(option), "bsize": "The buffer size must be at least %s bytes." % str(option), "sizes": "Size parameters (-b -s -e -m) must be in decimal format.", "fpattern": "No pattern file found named: %s" % option, "startend": "The start of search must come before the end.", "openfile": "Failed opening file: %s" % option, "logwrite": "Could not write to the log file: %s" % option, "read": "Failed reading from file: %s" % option, } import traceback sys.stderr.write(traceback.format_exc() + "\n") if not DEBUG: sys.stderr.write("version: %s\n" % VERSION) sys.stderr.write("Please Report issues to: %s\n" % CONTACT) if err: sys.stderr.write("%s\n" % str(err)) sys.stderr.write("Error <%s>: %s\n\n" % (code, error_codes[code])) if __name__ == "__main__": sys.exit(128) # Exit under normal operation. raise # Raise error on unittest or other execution.
def get_args(): """ Parse all arguments from the command line using ArgumentParser. Returns an args object with attributes representing all arguments. """ from argparse import ArgumentParser description = CONTACT + """ An argument -t or -p or -f is required. The -p argument accepts a hexidecimal pattern string and allows for missing characters, such as 'FF??FF'. When using -f argument, the pattern file will be read as a binary file (not hex strings). If no search files are specified, %prog will read from standard input. The minimum memory required is about 3 times the size of the pattern byte length. Increasing buffer-size will increase program search speed for large search files. All size arguments (-b -s -e) are read in decimal format, for example: '-s 1024' will start searching after 1kilobyte. format, for example: '-s 1024' will start searching after 1kilobyte. Reported finds are 0-based offset. """ p = ArgumentParser(description=description) def add(s, **kwargs): args = s.split(':') value = args.pop(2) # Pop item at index 2 (argument type). if value: kwargs['type'] = eval(value) #(type)(value) # str(value) or long(value). value = args.pop(2) # Pop item at index 2 (argument metavar). if value: kwargs['metavar'] = value value = args.pop(2) # Pop item at index 2 (argument name/destination). if value: kwargs['dest'] = value p.add_argument(*args, **kwargs) p.add_argument('-f', '--file', type=str, metavar='FILE', dest='fpattern', help='file to read search pattern from') p.add_argument('-t', '--text', type=str, metavar='PATTERN', dest='tpattern', help='a (utf-8 case-sensitive) text string to search for') p.add_argument('-p', '--pattern', type=str, # I would use -h for hex, but that's used for help output. metavar='PATTERN', dest='ppattern', help='a hexidecimal pattern to search for') try: # Python 3. p.add_argument('-b', '--buffer-size', type=int, metavar='NUM', dest='bsize', help='read buffer size (in bytes). 8MB default') p.add_argument('-s', '--start', type=int, metavar='NUM', dest='start', help='starting position in file to begin searching, as bytes') p.add_argument('-e', '--end', type=int, metavar='NUM', dest='end', help='end search at this position, measuring from beginning of file') p.add_argument('-m', '--max-matches', type=int, metavar='NUM', dest='max_matches', help='maximum number of matches to find (0=infinite)') except: # Python 2. p.add_argument('-b', '--buffer-size', type=long, metavar='NUM', dest='bsize', help='read buffer size (in bytes). default is 8388608 (8MB)') p.add_argument('-s', '--start', type=long, metavar='NUM', dest='start', help='starting position in file to begin searching, as bytes') p.add_argument('-e', '--end', type=long, metavar='NUM', dest='end', help='end search at this position, measuring from beginning of file') p.add_argument('-m', '--max-matches', type=long, metavar='NUM', dest='max_matches', help='maximum number of matches to find (0=infinite)') p.add_argument('-l', '--log', type=str, metavar='FILE', dest='log', help='write matched offsets to FILE, instead of standard output') p.add_argument(type=str, metavar='FILE', dest='fsearch', nargs='*', help='files to search within') p.add_argument('-v', '--verbose', dest='verbose', action='store_true', help='verbose, output the number of bytes searched after each buffer read') p.add_argument('-V', '--version', action='version', version='%(prog)s ' + VERSION) p.add_argument('-d', '--debug', dest='debug', action='store_true', help='debugging (don\'t use this)') return p.parse_args()
""" =Patterns= A pattern is a list. It represents the division between known and unknown bytes to search for. All hex/text/file input is converted to a pattern. Examples of conversions: hex "31??33" becomes ['A', 'C'] # Everything is converted internally to strings, even though they may not be printable characters. text "A?C" becomes ['A', 'C'] text "A??C" becomes ['A', '', 'C'] """ def hex_to_pattern(hex): """ Converts a hex string into a pattern. """ ret = [] pattern = hex if hex[:2] == "0x": # Remove "0x" from start if it exists. pattern = hex[2:] try: ret = [ p for p in pattern.split("??") ] try: # Python 3. return [ bytes.fromhex(p) for p in ret ] except AttributeError: # Python 2. return [ p.decode("hex") for p in ret ] except(TypeError, ValueError): e = sys.exc_info()[1] _exit_error("decode", hex, e)
def text_to_pattern(text): """ Converts a text string into a pattern. """ try: # Python 3. return [ t.encode('utf-8') for t in text.split("?") ] except TypeError: # Python 2. return [ t for t in text.split("?") ]
def file_to_pattern(fname): """ Converts a file into a pattern. """ try: # If file specified, read it into memory. with open(fname, "rb") as f: return [f.read()] except IOError: e = sys.exc_info()[1] _exit_error("fpattern", fname, e)
# We will be keeping the parsed args object and editing its attributes! def verify_args(ar): """ Verify that all the parsed args are correct and work well together. Returns the modified args object. """ DEBUG = ar.debug # Make sure that exactly 1 pattern argument was given. all_patterns = list(filter(None, [ar.fpattern, ar.ppattern, ar.tpattern])) if len(all_patterns) > 1: _exit_error("Xpatterns") if len(all_patterns) == 0: _exit_error("0patterns") # Create a new variable ar.pattern, and fill it with # whichever pattern we have -t -f -p. ar.pattern will be a list. if ar.fpattern: ar.pattern = file_to_pattern(ar.fpattern) elif ar.tpattern: ar.pattern = text_to_pattern(ar.tpattern) else: ar.pattern = hex_to_pattern(ar.ppattern) # Convert all number args from strings into long integers. try: for attr in [ "bsize", "max_matches", "start", "end" ]: if getattr(ar, attr): setattr(ar, attr, long(getattr(ar, attr))) except ValueError: e = sys.exc_info()[1] _exit_error("sizes", err=e) # Buffer size must be at least double maximum pattern size. if ar.bsize: if ar.bsize < len("?".join(ar.pattern)) * 2: _exit_error("bsize", len("?".join(ar.pattern)) * 2) else: ar.bsize = len(b"".join(ar.pattern)) * 2 ar.bsize = max(ar.bsize, 2**23) # If bsize is < default, set to default. # Set start and end values to 0 if not set. ar.start = ar.start or 0 ar.end = ar.end or 0 # End must be after start. :) if ar.end and ar.start >= ar.end: _exit_error("startend") # If log file is True, open it and replace ar.log with the file handler. if ar.log: try: ar.log = open(ar.log, "w") except IOError: e = sys.exc_info()[1] _exit_error("openfile", ar.log, e) return ar
def search(ar, fh): """ This function is simply a wrapper to forward needed variables in a way to make them all local variables. Accessing local variables is faster than accessing object.attribute variables. Returns nothing. """ if not DEBUG: _search_loop(ar.start, ar.end, ar.bsize, ar.pattern, ar.max_matches, ar.log, ar.verbose, fh.name, fh.read, fh.seek) else: _debug_search(ar.pattern, fh.name, fh.read)
def _debug_search(pattern, fh_name, fh_read): """ Slower, less functional, but less error prone simple search. For debugging purposes. Returns nothing. """ len_pattern = len(b"?".join(pattern)) read_size = 2**24 - len_pattern # Amount to read each loop. pattern = [ re.escape(p) for p in pattern ] pattern = b".".join(pattern) regex = re.compile(pattern, re.DOTALL+re.MULTILINE) try: buffer = fh_read(len_pattern + read_size) offset = 0 match = regex.search(buffer) while True: if not match: offset += read_size buffer = buffer[read_size:] # Erase front portion of buffer. buffer += fh_read(read_size) match = regex.search(buffer) else: STDOUT.write("Match at offset: %14d %12X in %s\n" % ( offset+match.start(), offset+match.start(), fh_name)) match = regex.search(buffer, match.start()+1) if len(buffer) <= len_pattern: return except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, e)
def _search_loop(start, end, bsize, pattern, max_matches, log, verbose, fh_name, fh_read, fh_seek): """ Primary search function. Returns nothing. """ len_pattern = len(b"?".join(pattern)) # Byte length of pattern. read_size = bsize - len_pattern # Amount to read each loop. # Convert pattern into a regular expression for insane fast searching. pattern = [ re.escape(p) for p in pattern ] pattern = b".".join(pattern) # Grab regex search function directly to speed up function calls. regex_search = re.compile(pattern, re.DOTALL+re.MULTILINE).search offset = start or 0 # Set start reading position in file. try: if offset: fh_seek(offset) except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, err=e) try: buffer = fh_read(len_pattern + read_size) # Get initial buffer amount. match = regex_search(buffer) # Search for a match in the buffer. # Set match to -1 if no match, else set it to the match position. match = -1 if match == None else match.start() while True: # Begin main loop for searching through a file. if match == -1: # No match. offset += read_size # If end exists and we are beyond end, finish search. if end and offset > end: return buffer = buffer[read_size:] # Erase front portion of buffer. buffer += fh_read(read_size) # Read more into the buffer. match = regex_search(buffer) # Search for next match in the buffer. # If there is no match set match to -1, else the matching position. match = -1 if match == None else match.start() if verbose: # Print each loop offset if verbose is on. STDOUT.write("Passing offset: %14d %12X\n" % (offset, offset)) else: # Else- there was a match. # If end exists and we are beyond end, finish search. if match == -1 and offset + match > end: return # Print matched offset. find_offset = offset + match STDOUT.write("Match at offset: %14d %12X in %s\n" % ( find_offset, find_offset, fh_name)) if max_matches: max_matches -= 1 if max_matches == 0: # If maximum matches are found, then end. STDOUT.write("Found maximum number of matches.\n") return # Search for next match in the buffer. match = regex_search(buffer, match+1) match = -1 if match == None else match.start() if len(buffer) <= len_pattern: # If finished reading input then end. return # Main loop closes here. except IOError: e = sys.exc_info()[1] _exit_error("read", fh_name, e)
def main(): args = get_args() # Get commandline arguments. args = verify_args(args) # Check arguments for sanity, and edit them a bit. if args.fsearch: # If filenames were given on the commandline, process them. while args.fsearch: # List of files to search inside. try: # Open a filehandler for the filename. filehandler = open(args.fsearch[0], "rb") except IOError: e = sys.exc_info()[1] _exit_error("openfile", args.fsearch[0], e) search(args, filehandler) filehandler.close() args.fsearch.pop(0) # Remove each file after search. else: # If no files were given, search using stdin. search(args, STDIN) sys.exit(0)
if __name__ == "__main__": # This allows the program to exit quickly when pressing ctrl+c. signal.signal(signal.SIGINT, signal.SIG_DFL) main() source: https://github.com/Sepero/SearchBin/blob/master/searchbin.pyis useful works out fo the box without dependencies, might need to chmod +x searchbin.py if it dont execute on terminal after changing into the directory with the searchbin.py file i cant explain how ot run this maybe pay someone to support you in person if you have no tech skills. searchbin -p 01010420 "path to disk image of .img" file,
searchbin -p 01010420 /dev/whicheverpath its on might work too if you want to go cowboy mode. it probably will miss it, so try if it doesnt work, some keys have this preseeding, i noticed half the old wallets i extracted keys from using raw extraction 10141f found mroe keys, they are just 31 bytes after instead of 32 but they start with 00 i think it will start outputting offsets of whereveer private keys are stored on the drive. and you can then run pywallet or if you want to be pressie locate the wallet file. also a bonus, searchbin.py -p 6231050009000000 "path to disk image" will output offsets to wallet files. i mean its not guaranteed to, but it should help you get closer to recovering it. if you get rich please ask me for my wallet address. thanks also if you find any hits let me know i can give more advice, im learning the shit out of recovering wallets as i still cant recover mine.[/code] If I find 6231050009000000 and 10141f while looking for a deleted wallet.... how do I get a private key from that? Fell free to message me Is Usually 20 is hexadecimal. If you go to https://www.rapidtables.com/convert/number/hex-to-decimal.html?x=20 you can see the number is 32. 32 sort of represents the amount of characters to read to to get the private keynow when it says 1f instead of 20 it if we go to https://www.rapidtables.com/convert/number/hex-to-decimal.html?x=1f you can see the number is 31 so we only read 31 characters after. the private key is 31 characters long (in hex format). it could even be 1e, that will be 30 characters long. whatever the case, lets say you have a key that starts with 10141f, you read the 31 characters following for the private key. You can turn it into a private key with a tool such as https://brainwalletx.github.io/ and paste the hex into the "Secret Exponent" section, be sure to select compressed/uncompressed format or the right crypto network. not sure if that answers. Also don't use https://brainwalletx.github.io/ without downloading it first/inspecting the code if possible from Usually people just add padding with 0's on the key it all depends on how you use the key.
|
|
|
|
|